Sameer Parekh wrote:
>
> We may be misunderstanding each other. Let me outline my
> position in pieces so we can see where we agree and where we
> disagree, more specifically.
>
> a) I would like the OpenSSL project to protect the codebase from being
> polluted with export-restricted code, US or otherwise.
My problem with this is that it requires the OpenSSL project to be aware
of export restrictions in other jurisdictions. If we really have to be
aware, then so be it, but I'd be _much_ happier if we could only worry
about our own. Can we not protect the codebase simply by asking that
people don't pollute it? Further, can we not back out any contributions
that turn out to be polluting?
> b) I would like the OpenSSL project to require that all contributors
> warrant that the code they are contributing does not violate export
> controls.
So long as _I_ don't have to collect these warranties, I can't see why
this should be a problem. I do wonder what the value of a warranty from
an anonymous contributor is, though.
> c) Due to 'scienter' requirements, if the OpenSSL project knowingly
> accepted a contribution from a US person, even if that person
> warranted that the code was free of export restrictions, OpenSSL would
> be tainted, and multinationals would not be allowed to use the code.
What are "scienter" requirements?
> d) The OpenSSL project should not allow US persons to contribute to
> the OpenSSL source code.
Here we have a serious departure - why do I have to enforce US law? I
really don't see why that is my problem. I also don't see how I can
realistically do this - how do I know the nationality of each
contributor? The way I see it, this is something US people have to do
voluntarily - I can't enforce it. If a US person really wanted to
contribute source they could easily fool me into accepting it.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
